Enable Ssl Client Authentication With The Internal Database - Red Hat CERTIFICATE SYSTEM 7.1 - ADMINISTRATOR Administrator's Manual

Port number. Type a TCP/IP port number; CS uses this port for non-SSL
communications with the Directory Server instance that is functioning as the internal
database. Make sure that the port you specify is unique on the host system.
Directory manager DN. Type the distinguished name (DN) of an entry in your LDAP
directory that has directory manager access. CS will use this DN when it accesses the
directory tree to communicate with the directory.
To save your changes, click Save.
4.
The CS configuration is modified. If the changes you made require you to restart the
server, you will be prompted accordingly. In that case, restart the server.
Enable SSL Client Authentication with the Internal
Database
Stop CS
1.
Go to the directory
2.
Open the file
3.
CS.cfg
Edit the following lines to the indicated values:
4.
internaldb.ldapauth.authtype=SslClientAuth
internaldb.ldapauth.bindDN=CN=Directory Manager
internaldb.ldapauth.bindPWPrompt=Internal LDAP Database
internaldb.ldapconn.host=<ldap_hostname>
internaldb.ldapconn.port=<ldap_httpsport>
internaldb.ldapconn.secureConn=true
internaldb.ldapauth.clientCertNickname=Server-Cert
cert-<instance_name>
Go to the Directory Server console.
5.
Create an entry for the suffix which matches the subject DN of the CS subsystem
6.
certificate for the subsystem using this internal database. For example if your CA
server certificate has a the subject name
c=jupiter.example.com,ou=marketing,o=example,l=mv,c=us then create a suffix
o=example,l=mv,c=us
Go to Configuration Tab.
a.
Right click and select Data.
b.
Click on New Suffix and add the suffix
c.
<server-root>/cert-<id>/config
in a text editor.
. To do this:
The Internal Database
.
Chapter 8 Administrative Basics 283